Issue 684435 link

Starred by 1 user

Issue metadata

Status:	Started
Owner:	█ mkwst@chromium.org Buried. Ping if important.
Cc:	a...@google.com
Components:	Blink>SecurityFeature
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	3
Type:	Bug

Blocking:
issue 680418

Experiment with blocking more parser-inserted script.

Project Member Reported by mkwst@chromium.org, Jan 24 2017

Issue description

aaj@ suggests that we might consider something that would "prevent executing any scripts added to the page via parser-based DOM APIs". It's not entirely clear to me how we'd best define the contours of that, but let's sketch it out and then bring it to WebAppSec for discussion.

Comment 1 by mkwst@chromium.org, Feb 17 2017

aaj@ is totally going to file a bug against WebAppSec with what he wants: https://codereview.chromium.org/2657623005 is relevant.

Comment 2 by a...@google.com, Mar 9 2017

Just filed: https://github.com/w3c/webappsec-csp/issues/191

Comment 3 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 4 by est...@chromium.org, Feb 18 2018

Labels: -Hotlist-EnamelAndFriendsFixIt

►

Issue 684435 link

Issue metadata

Experiment with blocking more parser-inserted script.

Issue description

Comment 1 by mkwst@chromium.org, Feb 17 2017

Comment 1 Deleted

Comment 2 by a...@google.com, Mar 9 2017

Comment 2 Deleted

Comment 3 by est...@chromium.org, Nov 10 2017

Comment 3 Deleted

Comment 4 by est...@chromium.org, Feb 18 2018

Comment 4 Deleted

Sign in to add a comment